diff --git a/htdocs/contact.class.php b/htdocs/contact.class.php
index 401cecf73d6..a81f3e6a883 100644
--- a/htdocs/contact.class.php
+++ b/htdocs/contact.class.php
@@ -93,9 +93,11 @@ class Contact
         $sql = "INSERT INTO ".MAIN_DB_PREFIX."socpeople (datec, fk_soc, name, fk_user)";
         $sql.= " VALUES (now(),";
-        if ($this->socid > 0) $sql.= " $this->socid,";
+        if ($this->socid > 0) $sql.= " ".$this->socid.",";
         else $sql.= "null,";
-        $sql.= "'$this->name',$user->id)";
+        $sql.= "'".addslashes($this->name)."',";
+        $sql.= $user->id;
+        $sql.= ")";
         dolibarr_syslog("Contact.class::create sql=".$sql);
         $resql=$this->db->query($sql);
@@ -156,9 +158,9 @@ class Contact
         }
         $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET ";
-        if ($this->socid > 0) $sql .= " fk_soc='".addslashes($this->socid)."'";
-        if ($this->socid == -1) $sql .= " fk_soc=null";
-        $sql .= ", civilite='".addslashes($this->civilite_id)."'";
+        if ($this->socid > 0) $sql .= " fk_soc='".addslashes($this->socid)."',";
+        if ($this->socid == -1) $sql .= " fk_soc=null,";
+        $sql .= " civilite='".addslashes($this->civilite_id)."'";
         $sql .= ", name='".addslashes($this->name)."'";
         $sql .= ", firstname='".addslashes($this->firstname)."'";
         $sql .= ", address='".addslashes($this->address)."'";
diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php
index 597304046ee..714d8d0b21a 100644
--- a/htdocs/contact/fiche.php
+++ b/htdocs/contact/fiche.php
@@ -71,9 +71,11 @@ if ($contactid && !$user->rights->commercial->client->voir)
     }
 }
-if ($user->rights->societe->contact->creer)
+
+// Creation utilisateur depuis contact
+if ($user->rights->user->user->creer)
 {
-    if ($_GET["action"] == 'create_user' && $user->admin)
+    if ($_GET["action"] == 'create_user')
     {
         // Recuperation contact actuel
         $contact = new Contact($db);
@@ -87,6 +89,7 @@ if ($user->rights->societe->contact->creer)
     }
 }
+// Creation contact
 if ($user->rights->societe->contact->creer)
 {
     if ($_POST["action"] == 'add')
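Review bot: The new `" ".$this->socid.","` still splices `socid` into the INSERT as a raw value; the `> 0` guard does not reject a numeric-leading string (PHP's loose comparison treats `"1 OR 1=1"` as 1), and `$user->id` is concatenated with no cast either. Casting both to int closes this: `if ($this->socid > 0) $sql.= " ".(int)$this->socid.",";` and `$sql.= (int)$user->id;`. `addslashes()` on `name` is not connection-charset-aware; if the db wrapper exposes an escape helper (none is visible here) it should be preferred, but that is beyond this hunk. The enclosing `create()` starts and ends outside the hunk.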
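Review bot: Moving the commas fixes the `SET , civilite=` syntax error that occurred when `socid` was neither >0 nor -1, but `fk_soc='".addslashes($this->socid)."',"` still writes an integer foreign key as a quoted string and relies on escaping rather than on the value's type. Emitting it as an integer is the cleaner guard and matches the column: `if ($this->socid > 0) $sql .= " fk_soc=".(int)$this->socid.",";`. A `socid` of 0 (or anything other than >0 / -1) now silently leaves `fk_soc` untouched; a one-line comment such as `// socid 0: leave fk_soc unchanged, -1: detach from company` would make that explicit. The enclosing `update()` begins and ends outside the hunk.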
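Review bot: `create_user` is still dispatched from `$_GET["action"]`, so a state-changing operation (creating a login from a contact) fires from a plain link and can be replayed cross-site against any user holding `user->user->creer`; with the `$user->admin` requirement removed this is reachable by more accounts than before. Dispatch it from a POST form, `if ($_POST["action"] == 'create_user')`, as the `add` action in the next hunk already does, and gate it on a request token if the codebase has one (none is visible here). A comment explaining why `user->user->creer` replaces the admin check would also help, e.g. `// creating a login from a contact is a user-management right, not an admin-only action`. The body of this branch continues past the hunk.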
@@ -126,9 +129,12 @@ if ($user->rights->societe->contact->creer)
         Header("Location: fiche.php?id=".$id);
         exit;
     }
-
-    $error=array($contact->error);
-  }
+    else
+    {
+        $error=array($contact->error);
+        $_GET["action"] = 'create';
+    }
+  }
 }
 }
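Review bot: The new `else` branch writes back into the superglobal, `$_GET["action"] = 'create';`, to force the form to re-render; overwriting request input to steer control flow is fragile and hides what the client actually sent. A local flag such as `$action = 'create';`, read where the form is rendered, would be clearer, assuming that rendering code can be switched to it (it is outside the hunk). `$error=array($contact->error)` now carries the failure message from the insert; if it is echoed verbatim it should go through `htmlspecialchars()`, since a database error may embed the user-supplied fields from the failed SQL. The enclosing `if ($_POST["action"] == 'add')` block and the `Header(...)` success path start above the hunk.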